codeql

command

v0.1.0 Latest Latest Go to latest Published: Jan 5, 2024 License: MIT Imports: 8 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/scan-io-git/scan-io

Links

Open Source Insights

README ¶

CodeQL Plugin

Prerequisites

Follow official documentation to install codeql-cli, queries repos and/or qlpacks: https://docs.github.com/en/code-security/codeql-cli/using-the-codeql-cli/getting-started-with-the-codeql-cli.

Usage Example

list+fetch+scan flow:

scanio list --vcs github --vcs-url github.com --namespace scan-io-git --output /tmp/scanio-projects.json

scanio fetch --vcs github -i /tmp/scanio-projects.json --auth-type http

# Currently env var 'SCANIO_CODEQL_LANGUAGE' is the only way to say codeql, what is the languages of a project.
export SCANIO_CODEQL_LANGUAGE=go
scanio analyse --scanner codeql -c codeql/go-queries -f sarifv2.1.0 -i /tmp/scanio-projects.json
# results will be saved in dedicated folder for the project: '~/.scanio/results/github.com/scan-io-git/scan-io/'

just scan:

# Currently env var 'SCANIO_CODEQL_LANGUAGE' is the only way to say codeql, what is the languages of a project.
export SCANIO_CODEQL_LANGUAGE=javascript
scanio analyse --scanner codeql -c codeql/javascript-queries -f sarifv2.1.0 /path/to/github.com/juice-shop/juice-shop/
# results will be saved in project rooot directory: '/path/to/github.com/juice-shop/juice-shop/'

Documentation ¶

There is no documentation for this package.

Source Files ¶

View all Source files

codeql.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL